syzbot


UBSAN: array-index-out-of-bounds in dtSplitRoot (2)

Status: upstream: reported C repro on 2024/11/28 23:22
Subsystems: jfs
Reported-by: syzbot+99491d74a9931659cf48@syzkaller.appspotmail.com
First crash: 473d, last: 12h03m
Cause bisection: failed (error log, bisect log)
  
Discussions (2)
Title | Replies (including bot) | Last reply
[PATCH] jfs: fix a oob in dtSplitRoot | 2 (2) | 2025/02/19 15:54
[syzbot] [jfs?] UBSAN: array-index-out-of-bounds in dtSplitRoot (2) | 1 (3) | 2024/11/29 02:15
Similar bugs (4)
Kernel | Title | Rank | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status
upstream | UBSAN: array-index-out-of-bounds in dtSplitRoot jfs | 15 | C | error | inconclusive | 2 | 916d | 1244d | 25/29 | fixed on 2024/01/30 15:47
linux-5.15 | UBSAN: array-index-out-of-bounds in dtSplitRoot origin:lts-only | 19 | C | error | | 10 | 217d | 418d | 0/3 | upstream: reported C repro on 2025/01/18 16:29
linux-4.19 | KASAN: slab-out-of-bounds Read in dtSplitRoot | 17 | C | error | | 1 | 1245d | 1245d | 0/1 | upstream: reported C repro on 2022/10/14 11:28
linux-4.14 | KASAN: slab-out-of-bounds Read in dtSplitRoot | 17 | C | | | 1 | 1110d | 1244d | 0/1 | upstream: reported C repro on 2022/10/15 22:33
Last patch testing requests (6)
Created Duration User Patch Repo Result
2025/05/22 22:31 14m retest repro upstream report log
2025/03/09 19:36 13m retest repro upstream report log
2025/03/09 19:36 14m retest repro upstream report log
2024/12/29 17:10 14m retest repro upstream report log
2024/12/29 17:10 14m retest repro upstream report log
2024/11/29 01:52 18m lizhi.xu@windriver.com patch upstream OK log
Fix bisection attempts (1)
Created Duration User Patch Repo Result
2025/04/13 19:21 2h44m bisect fix upstream OK (0) job log log

Sample crash report:
loop0: detected capacity change from 0 to 32768
 ... Log Wrap ... Log Wrap ... Log Wrap ...
find_entry called with index >= next_index
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:1998:37
index -128 is out of range for type 'struct dtslot[128]'
CPU: 1 UID: 0 PID: 6062 Comm: syz.0.21 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
Call Trace:
 <TASK>
 dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120
 ubsan_epilogue+0xa/0x30 lib/ubsan.c:233
 __ubsan_handle_out_of_bounds+0xe8/0xf0 lib/ubsan.c:455
 dtSplitRoot+0xae9/0x16c0 fs/jfs/jfs_dtree.c:1998
 dtSplitUp fs/jfs/jfs_dtree.c:993 [inline]
 dtInsert+0xf19/0x5f10 fs/jfs/jfs_dtree.c:871
 jfs_mkdir+0x783/0xb00 fs/jfs/namei.c:271
 vfs_mkdir+0x40b/0x630 fs/namei.c:5233
 filename_mkdirat+0x289/0x520 fs/namei.c:5266
 __do_sys_mkdirat fs/namei.c:5287 [inline]
 __se_sys_mkdirat+0x35/0x150 fs/namei.c:5284
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7ff2bbdab607
Code: 00 66 90 48 89 f2 b9 00 01 00 00 48 89 fe bf 9c ff ff ff e9 db f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ff2bb40de58 EFLAGS: 00000246 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 00007ff2bb40dee0 RCX: 00007ff2bbdab607
RDX: 00000000000001ff RSI: 0000200000000140 RDI: 00000000ffffff9c
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000140
R13: 00007ff2bb40dea0 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
---[ end trace ]---

Crashes (177):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2026/03/12 19:49 upstream 80234b5ab240 4efadf07 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro #1 (corrupt fs)] [mounted in repro #2 (corrupt fs)] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/11/22 08:01 upstream 2eba5e05d9bc 4fb8ef37 .config console log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/04/22 00:35 upstream 9d7a0577c9db 2a20f901 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro (corrupt fs)] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2024/11/25 00:57 upstream 9f16d5e6f220 68da6d95 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2024/11/25 00:06 upstream 9f16d5e6f220 68da6d95 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] [mounted in repro] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/05/02 16:04 upstream ebd297a2affa d7f099d1 .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/03/12 18:28 upstream 80234b5ab240 4efadf07 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/02/24 23:09 upstream 7dff99b35460 96b1aa46 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/05 03:06 upstream 54e82e93ca93 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/12/23 16:41 upstream b927546677c8 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci2-upstream-fs UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/03/01 19:16 upstream eb71ab2bf722 43249bac .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/03/01 02:43 upstream 2f9339c052bd 43249bac .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/02/27 09:32 upstream 3f4a08e64442 a2f13f71 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/02/27 04:54 upstream 3f4a08e64442 a2f13f71 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/02/25 17:08 upstream 7dff99b35460 c162cde9 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/02/24 15:50 upstream 7dff99b35460 96b1aa46 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/02/24 09:46 upstream 7dff99b35460 41d2fa6a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/02/23 15:33 upstream 6de23f81a5e0 7c9658af .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/02/22 01:47 upstream d79526b89571 6e7b5511 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/02/20 13:34 upstream 8bf22c33e7a1 17d780d6 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/02/20 02:24 upstream 2b7a25df823d 73a252ac .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/02/18 07:00 upstream 2961f841b025 39751c21 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/02/12 10:02 upstream 1e83ccd5921a 76a109e2 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/02/10 16:29 upstream 72c395024dac a076df6f .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/02/10 06:51 upstream 8a5203c630c6 4ab09a02 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/02/06 17:33 upstream b7ff7151e653 97745f52 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/02/01 11:01 upstream 162b42445b58 6b8752f2 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/31 05:30 upstream 283073725700 c75a2f6e .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/30 08:12 upstream 4d310797262f bfa73b7b .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/27 13:51 upstream fcb70a56f4d8 43e1df1d .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/24 21:12 upstream 62085877ae65 40acda8a .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/24 00:18 upstream c133687c2eae 4f25b9b4 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/19 02:15 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/17 17:58 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/17 09:39 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/17 06:57 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/17 05:40 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/15 18:19 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/14 05:23 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/12 13:40 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/11 16:26 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/10 18:16 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/09 13:02 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/07 21:43 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/06 13:49 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/05 20:35 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/05 01:38 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/04 22:07 upstream 54e82e93ca93 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/04 12:25 upstream aacb0a6d604a d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/02 03:53 upstream b69053dd3ffb d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/01 10:30 upstream 349bd28a86f2 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/12/27 12:48 upstream c53f467229a7 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/12/24 13:20 upstream b927546677c8 d1b870e1 .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/08/17 21:14 linux-next 931e46dcbc7e 1804e95e .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/15 04:15 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 59e4d31a0470 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtSplitRoot
2026/01/14 19:25 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 59e4d31a0470 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtSplitRoot
2025/12/23 17:47 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 8f0b4cce4481 d6526ea3 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 UBSAN: array-index-out-of-bounds in dtSplitRoot
* Struck through repros no longer work on HEAD.